Data Breach Today

MAY 5, 2020

What You Don't See Now, Can Hurt You Later

229

229

Data Breach Today

MAY 4, 2020

Trump Bans Use of Foreign Equipment That Poses 'National Security Threat' Declaring that threats to the United States' power grid are a national emergency, President Donald Trump is taking steps designed to help defend the grid from foreign interference by focusing on the supply chain.

Security 191

Security 191

Adam Shostack

MAY 4, 2020

A New Hope, even! Happy Star Wars Day!

52

52

Schneier on Security

MAY 7, 2020

This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza's explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists , and Plists are used everywhere in iOS (and MacOS). iOS's sandboxing system depends upon three different XML parsers, which interpret slightly invalid XML input in slightly different ways.

Access 91

Access IT Cybersecurity 91

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Dark Reading

MAY 4, 2020

Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play.

88

88

Data Breach Today

MAY 6, 2020

Researchers: Malware Is Capable of Launching DDoS Attacks Kaiji, a newly discovered botnet, is compromising Linux servers and IoT devices using brute-force methods that target the SSH protocol, according to the security firm Intezer. The botnet has the capability to launch DDoS attacks.

IoT 236

IoT Security 236

Data Breach Today

MAY 4, 2020

Nintendo Was Likely Anticipating the Dump After 2018 Intrusion Gamers are poring over a massive leak of Nintendo data, including source code for older gaming systems, prototypes of games and extensive software and hardware documentation. The data likely dates from a 2018 network intrusion at Nintendo.

221

221

Data Breach Today

MAY 8, 2020

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

Privacy 191

Privacy Security 191

Threatpost

MAY 5, 2020

The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week.

Access 118

Access Security 118

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

WIRED Threat Level

MAY 4, 2020

As contact tracing plans firm up, the tech giants are sharing new details for their framework—and a potential app interface.

Privacy 117

Privacy Security 117

Dark Reading

MAY 6, 2020

Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows.

102

102

Security Affairs

MAY 5, 2020

A proof-of-concept (PoC) exploit for the recently fixed CVE-2020-1967 denial-of-service (DoS) issue in OpenSSL has been made public. Recently, the OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967 , that can be exploited by attackers to launch denial-of-service (DoS) attacks. The CVE-2020-1967 vulnerability has been described as a “segmentation fault” in the SSL_check_chain function, it is the first issue addressed in Op

Libraries 143

Libraries Cybersecurity Security IT 143

WIRED Threat Level

MAY 3, 2020

A recent infection, which managed to plunder a company's network within hours, demonstrates why the malware has become so prevalent.

Ransomware 118

Ransomware Security 118

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Data Breach Today

MAY 5, 2020

Campaign Designed to Harvest Credentials of Financial Industry Regulatory Authority Members The Financial Industry Regulatory Authority, a private organization that helps self-regulate brokerage firms and exchange markets in the U.S., warns that a "widespread, ongoing" phishing campaign is targeting its members.

Phishing 207

Phishing Marketing IT 207

Krebs on Security

MAY 6, 2020

Fresenius , Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. The company said the incident has limited some of its operations, but that patient care continues. Based in Germany, the Fresenius Group includes four independent businesses: Fresenius Medical Care , a leading provider of care to those suffering from ki

Ransomware 355

Ransomware Healthcare Manufacturing Data breaches 355

AIIM

MAY 5, 2020

The large-scale and lasting impacts of a digital transformation will influence your company for decades to come. Going digital is not merely about adopting present practices - it is a step into the future, aligning your business model and company's methods with the format that is solidifying itself as the new standard. As with any new integration, digitalization presents its fair share of challenges.

Digital transformation 184

Digital transformation Customer Experience Insurance Education 184

WIRED Threat Level

MAY 6, 2020

The system's use of GPS data could let hackers pinpoint who reports a positive diagnosis.

Privacy 145

Privacy Security 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Data Breach Today

MAY 7, 2020

'Unauthorized Individual' Accessed SSH File, Company Says Web hosting giant GoDaddy confirms that a data breach has affected about 28,000 of its customers' web hosting accounts, according to a news report. The company has reset passwords and usernames for some customers as a precaution, although it says no data appears to have been altered.

Data breaches 334

Data breaches Passwords Access IT 334

Krebs on Security

MAY 8, 2020

Millions of Americans now filing for unemployment will receive benefits via a prepaid card issued by U.S. Bank , a Minnesota-based financial institution that handles unemployment payments for more than a dozen U.S. states. Some of these unemployment applications will trigger an automatic letter from U.S. Bank to the applicant. The letters are intended to prevent identity theft, but many people are mistaking these vague missives for a notification that someone has hijacked their identity.

Communications 275

Communications Privacy IT 275

AIIM

MAY 6, 2020

The concept of a digital mailroom has been around a while. The idea is pretty simple - all incoming mail is scanned on entry and delivered electronically to the appropriate department or process. In reality, only mail with business value is likely to be processed. This will predominantly be documents with a structure such as forms, orders, invoices, delivery dockets, and vouchers.

Paper 149

Paper Digital transformation Financial Services Records Management 149

WIRED Threat Level

MAY 5, 2020

CAM4 has taken the server offline, but not before it leaked 7TB of user data.

IT 145

IT Security 145

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Data Breach Today

MAY 5, 2020

'Password-Spraying' Campaigns Aimed at Stealing Research Data, US and UK Authorities Warn Authorities in the U.S. and U.K. are warning medical institutions, pharmaceutical companies, universities and others about "password-spraying campaigns" by advance persistent threat groups seeking to steal COVID-19 research data. Security experts outline defensive steps that organizations can take.

Healthcare 319

Healthcare Passwords Security 319

Security Affairs

MAY 5, 2020

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks. Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks. The malicious code was designed to target Linux-based servers and Internet of Things (IoT) devices and use them as part of a DDoS botnet.

IoT 145

IoT IT Libraries Security 145

Threatpost

MAY 8, 2020

The Shiny Hunters hacking group said it stole 500 GB of data from the tech giant’s repositories on the developer platform, which it owns.

IT 143

IT Data breaches Phishing Security 143

WIRED Threat Level

MAY 8, 2020

For real this time. Its sister conference, Black Hat, has also been called off.

IT 144

IT Security 144

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Data Breach Today

MAY 2, 2020

Fraudsters Look to Harvest Office 365 Credentials From At-Home Employees A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security.

Phishing 319

Phishing Security 319

Security Affairs

MAY 5, 2020

GoDaddy has been notifying its customers of a data breach, threat actors might have compromised their web hosting account credentials. GoDaddy has been notifying its customers of a data breach, attackers might have compromised users’ web hosting account credentials. Headquartered in Scottsdale, Arizona, the Internet domain registrar and web hosting company claims to have over 19 million customers worldwide.

Data breaches 145

Data breaches Access Security Cybersecurity 145

Threatpost

MAY 8, 2020

Due to the coronavirus pandemic, there will be no in-person Black Hat USA or DEF CON conferences this year.

Security 139

Security 139